npm - @node9/proxy - Versions diffs - 1.6.0 → 1.7.1 - Mend

@node9/proxy 1.6.0 → 1.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/cli.mjs CHANGED Viewed

@@ -491,6 +491,84 @@ var init_shields = __esm({
         ],
         dangerousWords: []
       },
+      "bash-safe": {
+        name: "bash-safe",
+        description: "Blocks high-risk bash patterns: pipe-to-shell, rm -rf /, disk overwrites, eval",
+        aliases: ["bash", "shell"],
+        smartRules: [
+          {
+            name: "shield:bash-safe:block-pipe-to-shell",
+            tool: "bash",
+            conditions: [
+              {
+                field: "command",
+                op: "matches",
+                value: "(curl|wget)\\s+[^|]*\\|\\s*(bash|sh|zsh|fish|python3?|ruby|perl|node)",
+                flags: "i"
+              }
+            ],
+            verdict: "block",
+            reason: "Pipe-to-shell is a common supply-chain attack vector \u2014 blocked by bash-safe shield"
+          },
+          {
+            name: "shield:bash-safe:block-obfuscated-exec",
+            tool: "bash",
+            conditions: [
+              {
+                field: "command",
+                op: "matches",
+                value: "base64\\s+(-d|--decode).*\\|\\s*(bash|sh|zsh)",
+                flags: "i"
+              }
+            ],
+            verdict: "block",
+            reason: "Obfuscated execution via base64 decode \u2014 blocked by bash-safe shield"
+          },
+          {
+            name: "shield:bash-safe:block-rm-root",
+            tool: "bash",
+            conditions: [
+              {
+                field: "command",
+                op: "matches",
+                value: "rm\\s+(-[a-zA-Z]*r[a-zA-Z]*f|-[a-zA-Z]*f[a-zA-Z]*r)[a-zA-Z]*\\s+(\\/|~|\\$HOME|\\$\\{HOME\\})\\s*$",
+                flags: "i"
+              }
+            ],
+            verdict: "block",
+            reason: "rm -rf of root or home directory is catastrophic \u2014 blocked by bash-safe shield"
+          },
+          {
+            name: "shield:bash-safe:block-disk-overwrite",
+            tool: "bash",
+            conditions: [
+              {
+                field: "command",
+                op: "matches",
+                value: "dd\\s+.*of=\\/dev\\/(sd|nvme|hd|vd|xvd)",
+                flags: "i"
+              }
+            ],
+            verdict: "block",
+            reason: "Writing directly to a block device is irreversible \u2014 blocked by bash-safe shield"
+          },
+          {
+            name: "shield:bash-safe:review-eval",
+            tool: "bash",
+            conditions: [
+              {
+                field: "command",
+                op: "matches",
+                value: '\\beval\\s+[\\$`("]',
+                flags: "i"
+              }
+            ],
+            verdict: "review",
+            reason: "eval of dynamic content requires human approval (bash-safe shield)"
+          }
+        ],
+        dangerousWords: []
+      },
       filesystem: {
         name: "filesystem",
         description: "Protects the local filesystem from dangerous AI operations",
@@ -777,7 +855,7 @@ var init_config = __esm({
     DEFAULT_CONFIG = {
       version: "1.0",
       settings: {
-        mode: "audit",
+        mode: "standard",
         autoStartDaemon: true,
         enableUndo: true,
         // 🔥 ALWAYS TRUE BY DEFAULT for the safety net
@@ -3176,6 +3254,7 @@ async function authorizeHeadless(toolName, args, meta, options) {
       await notifyActivity({
         id: actId,
         tool: toolName,
+        args,
         ts: actTs,
         status: result.approved ? "allow" : result.blockedByLabel?.includes("DLP") ? "dlp" : result.blockedByLabel?.includes("Taint") ? "taint" : "block",
         label: result.blockedByLabel,
@@ -5453,6 +5532,7 @@ var init_session_counters = __esm({
       _blocked = 0;
       _dlpHits = 0;
       _wouldBlock = 0;
+      _estimatedCost = 0;
       _lastRuleHit = null;
       _lastBlockedTool = null;
       incrementAllowed() {
@@ -5467,6 +5547,10 @@ var init_session_counters = __esm({
       incrementWouldBlock() {
         this._wouldBlock++;
       }
+      addCost(amount) {
+        if (!isFinite(amount) || amount < 0) return;
+        this._estimatedCost += amount;
+      }
       recordRuleHit(label) {
         this._lastRuleHit = label;
       }
@@ -5479,6 +5563,7 @@ var init_session_counters = __esm({
           blocked: this._blocked,
           dlpHits: this._dlpHits,
           wouldBlock: this._wouldBlock,
+          estimatedCost: this._estimatedCost,
           lastRuleHit: this._lastRuleHit,
           lastBlockedTool: this._lastBlockedTool
         };
@@ -5488,6 +5573,7 @@ var init_session_counters = __esm({
         this._blocked = 0;
         this._dlpHits = 0;
         this._wouldBlock = 0;
+        this._estimatedCost = 0;
         this._lastRuleHit = null;
         this._lastBlockedTool = null;
       }
@@ -5718,15 +5804,38 @@ function openBrowser(url) {
   } catch {
   }
 }
+function estimateToolCost(tool, args) {
+  const a = args ?? {};
+  const t = tool.toLowerCase().replace(/[^a-z_]/g, "_");
+  if (t.includes("read") || t === "glob" || t === "grep") {
+    const filePath = a.file_path ?? a.path;
+    if (filePath) {
+      try {
+        const bytes = fs13.statSync(filePath).size;
+        return bytes / BYTES_PER_TOKEN / 1e6 * INPUT_PRICE_PER_1M;
+      } catch {
+      }
+    }
+  }
+  if (t.includes("write")) {
+    const content = a.content ?? "";
+    return String(content).length / BYTES_PER_TOKEN / 1e6 * OUTPUT_PRICE_PER_1M;
+  }
+  if (t.includes("edit") || t === "str_replace_based_edit_tool") {
+    const newStr = a.new_string ?? "";
+    return String(newStr).length / BYTES_PER_TOKEN / 1e6 * OUTPUT_PRICE_PER_1M;
+  }
+  return void 0;
+}
 function broadcast(event, data) {
   if (event === "activity") {
     activityRing.push({ event, data });
     if (activityRing.length > ACTIVITY_RING_SIZE) activityRing.shift();
   } else if (event === "activity-result") {
-    const { id, status, label } = data;
+    const { id, status, label, costEstimate } = data;
     for (let i = activityRing.length - 1; i >= 0; i--) {
       if (activityRing[i].data.id === id) {
-        Object.assign(activityRing[i].data, { status, label });
+        Object.assign(activityRing[i].data, { status, label, costEstimate });
         break;
       }
     }
@@ -5828,10 +5937,13 @@ function startActivitySocket() {
             sessionCounters.incrementBlocked();
             sessionCounters.recordBlockedTool(data.tool);
           }
+          const costEstimate = data.status === "allow" ? estimateToolCost(data.tool, data.args) : void 0;
+          if (costEstimate != null && costEstimate > 0) sessionCounters.addCost(costEstimate);
           broadcast("activity-result", {
             id: data.id,
             status: data.status,
-            label: data.label
+            label: data.label,
+            costEstimate
           });
         }
       } catch {
@@ -5848,7 +5960,7 @@ function startActivitySocket() {
     }
   });
 }
-var homeDir, DAEMON_PID_FILE, DECISIONS_FILE, AUDIT_LOG_FILE, TRUST_FILE2, GLOBAL_CONFIG_FILE, CREDENTIALS_FILE, INSIGHT_COUNTS_FILE, pending, sseClients, suggestionTracker, suggestions, taintStore, insightCounts, _abandonTimer, _hadBrowserClient, _daemonServer, daemonRejectionHandlerRegistered, AUTO_DENY_MS, TRUST_DURATIONS, autoStarted, ACTIVITY_SOCKET_PATH2, ACTIVITY_RING_SIZE, activityRing, SECRET_KEY_RE, WRITE_TOOL_NAMES;
+var homeDir, DAEMON_PID_FILE, DECISIONS_FILE, AUDIT_LOG_FILE, TRUST_FILE2, GLOBAL_CONFIG_FILE, CREDENTIALS_FILE, INSIGHT_COUNTS_FILE, pending, sseClients, suggestionTracker, suggestions, taintStore, insightCounts, _abandonTimer, _hadBrowserClient, _daemonServer, daemonRejectionHandlerRegistered, AUTO_DENY_MS, TRUST_DURATIONS, autoStarted, ACTIVITY_SOCKET_PATH2, ACTIVITY_RING_SIZE, activityRing, SECRET_KEY_RE, INPUT_PRICE_PER_1M, OUTPUT_PRICE_PER_1M, BYTES_PER_TOKEN, WRITE_TOOL_NAMES;
 var init_state2 = __esm({
   "src/daemon/state.ts"() {
     "use strict";
@@ -5886,6 +5998,9 @@ var init_state2 = __esm({
     ACTIVITY_RING_SIZE = 100;
     activityRing = [];
     SECRET_KEY_RE = /password|secret|token|key|apikey|credential|auth/i;
+    INPUT_PRICE_PER_1M = 3;
+    OUTPUT_PRICE_PER_1M = 15;
+    BYTES_PER_TOKEN = 4;
     WRITE_TOOL_NAMES = /* @__PURE__ */ new Set([
       "write",
       "write_file",
@@ -6349,7 +6464,8 @@ data: ${JSON.stringify(item.data)}
             allowed: counters.allowed,
             blocked: counters.blocked,
             dlpHits: counters.dlpHits,
-            wouldBlock: counters.wouldBlock
+            wouldBlock: counters.wouldBlock,
+            estimatedCost: counters.estimatedCost
           },
           taintedCount: taintStore.list().length,
           lastRuleHit: counters.lastRuleHit,
@@ -6481,6 +6597,7 @@ data: ${JSON.stringify(item.data)}
     }
     if (req.method === "POST" && pathname === "/events/clear") {
       activityRing.length = 0;
+      sessionCounters.reset();
       res.writeHead(200, { "Content-Type": "application/json" });
       return res.end(JSON.stringify({ ok: true }));
     }
@@ -6793,7 +6910,7 @@ function formatBase(activity) {
   const time = new Date(activity.ts).toLocaleTimeString([], { hour12: false });
   const icon = getIcon(activity.tool);
   const toolName = activity.tool.slice(0, 16).padEnd(16);
-  const argsStr = JSON.stringify(activity.args ?? {}).replace(/\s+/g, " ");
+  const argsStr = JSON.stringify(activity.args ?? {}).replace(/\s+/g, " ").replaceAll(os21.homedir(), "~");
   const argsPreview = argsStr.length > 70 ? argsStr.slice(0, 70) + "\u2026" : argsStr;
   return `${chalk17.gray(time)} ${icon} ${chalk17.white.bold(toolName)} ${chalk17.dim(argsPreview)}`;
 }
@@ -6807,11 +6924,13 @@ function renderResult(activity, result) {
   } else {
     status = chalk17.red("\u2717 BLOCK");
   }
+  const cost = result.costEstimate ?? activity.costEstimate;
+  const costSuffix = cost == null ? "" : chalk17.dim(`  ~$${cost >= 1e-3 ? cost.toFixed(3) : "0.000"}`);
   if (process.stdout.isTTY) {
     readline5.clearLine(process.stdout, 0);
     readline5.cursorTo(process.stdout, 0);
   }
-  console.log(`${base}  ${status}`);
+  console.log(`${base}  ${status}${costSuffix}`);
 }
 function renderPending(activity) {
   if (!process.stdout.isTTY) return;
@@ -6940,6 +7059,39 @@ function buildRecoveryCardLines(req) {
     ``
   ];
 }
+function readApproversFromDisk() {
+  const configPath = path28.join(os21.homedir(), ".node9", "config.json");
+  try {
+    const raw = JSON.parse(fs25.readFileSync(configPath, "utf-8"));
+    const settings = raw.settings ?? {};
+    return settings.approvers ?? {};
+  } catch {
+    return {};
+  }
+}
+function approverStatusLine() {
+  const a = readApproversFromDisk();
+  const fmt = (label, key) => {
+    const on = a[key] !== false;
+    return `[${key[0]}]${label.slice(1)} ${on ? chalk17.green("\u2713") : chalk17.dim("\u2717")}`;
+  };
+  return `${fmt("native", "native")}  ${fmt("browser", "browser")}  ${fmt("cloud", "cloud")}  ${fmt("terminal", "terminal")}`;
+}
+function toggleApprover(channel) {
+  const configPath = path28.join(os21.homedir(), ".node9", "config.json");
+  try {
+    const raw = JSON.parse(fs25.readFileSync(configPath, "utf-8"));
+    const settings = raw.settings ?? {};
+    const approvers = settings.approvers ?? {};
+    approvers[channel] = approvers[channel] === false;
+    settings.approvers = approvers;
+    raw.settings = settings;
+    fs25.writeFileSync(configPath, JSON.stringify(raw, null, 2) + "\n");
+  } catch (err2) {
+    process.stderr.write(`[node9] toggleApprover failed: ${String(err2)}
+`);
+  }
+}
 async function startTail(options = {}) {
   const port = await ensureDaemon();
   if (options.clear) {
@@ -6978,6 +7130,7 @@ async function startTail(options = {}) {
   }
   const connectionTime = Date.now();
   const activityPending = /* @__PURE__ */ new Map();
+  const orphanedResults = /* @__PURE__ */ new Map();
   let csrfToken = "";
   const approvalQueue = [];
   let cardActive = false;
@@ -6986,6 +7139,44 @@ async function startTail(options = {}) {
   const localAllowCounts = /* @__PURE__ */ new Map();
   const canApprove = process.stdout.isTTY && process.stdin.isTTY;
   if (canApprove) readline5.emitKeypressEvents(process.stdin);
+  let idleKeypressHandler = null;
+  function enterIdleMode() {
+    if (!canApprove || idleKeypressHandler !== null) return;
+    try {
+      process.stdin.setRawMode(true);
+    } catch {
+      return;
+    }
+    process.stdin.resume();
+    idleKeypressHandler = (_str, key) => {
+      const name = key?.name ?? "";
+      if (key?.ctrl && name === "c") {
+        process.kill(process.pid, "SIGINT");
+        return;
+      }
+      if (name === "q") {
+        process.kill(process.pid, "SIGINT");
+        return;
+      }
+      const channel = name === "n" ? "native" : name === "b" ? "browser" : name === "c" ? "cloud" : name === "t" ? "terminal" : null;
+      if (channel) {
+        toggleApprover(channel);
+        console.log(chalk17.dim(`  Approvers: ${approverStatusLine()}`));
+      }
+    };
+    process.stdin.on("keypress", idleKeypressHandler);
+  }
+  function exitIdleMode() {
+    if (idleKeypressHandler) {
+      process.stdin.removeListener("keypress", idleKeypressHandler);
+      idleKeypressHandler = null;
+    }
+    try {
+      process.stdin.setRawMode(false);
+    } catch {
+    }
+    process.stdin.pause();
+  }
   function clearCard() {
     if (cardLineCount > 0) {
       readline5.moveCursor(process.stdout, 0, -cardLineCount);
@@ -7004,10 +7195,12 @@ async function startTail(options = {}) {
   }
   function showNextCard() {
     if (cardActive || approvalQueue.length === 0 || !canApprove) return;
+    exitIdleMode();
     try {
       process.stdin.setRawMode(true);
     } catch {
       cardActive = false;
+      enterIdleMode();
       return;
     }
     cardActive = true;
@@ -7019,12 +7212,8 @@ async function startTail(options = {}) {
       const handler = onKeypress;
       onKeypress = null;
       if (handler) process.stdin.removeListener("keypress", handler);
-      try {
-        process.stdin.setRawMode(false);
-      } catch {
-      }
-      process.stdin.pause();
       cancelActiveCard = null;
+      enterIdleMode();
     };
     const settle = (action) => {
       if (settled) return;
@@ -7151,18 +7340,16 @@ async function startTail(options = {}) {
   console.log(chalk17.cyan.bold(`
 \u{1F6F0}\uFE0F  Node9 tail  `) + chalk17.dim(`\u2192 ${dashboardUrl}`));
   if (canApprove) {
-    console.log(
-      chalk17.dim("Interactive approvals: [\u21B5/y] Allow  [n] Deny  [a] Always Allow  [t] Trust 30m")
-    );
+    console.log(chalk17.dim("Card: [\u21B5/y] Allow  [n] Deny  [a] Always  [t] Trust 30m"));
+    console.log(chalk17.dim(`Approvers (toggle): ${approverStatusLine()}  [q] quit`));
   }
   if (options.history) {
-    console.log(chalk17.dim("Showing history + live events. Press Ctrl+C to exit.\n"));
+    console.log(chalk17.dim("Showing history + live events.\n"));
   } else {
-    console.log(
-      chalk17.dim("Showing live events only. Use --history to include past. Press Ctrl+C to exit.\n")
-    );
+    console.log(chalk17.dim("Showing live events only. Use --history to include past.\n"));
   }
   process.on("SIGINT", () => {
+    exitIdleMode();
     clearCard();
     process.stdout.write(SHOW_CURSOR);
     if (process.stdout.isTTY) {
@@ -7178,6 +7365,7 @@ async function startTail(options = {}) {
       console.error(chalk17.red(`Failed to connect: HTTP ${res.statusCode}`));
       process.exit(1);
     }
+    if (canApprove) enterIdleMode();
     let currentEvent = "";
     let currentData = "";
     res.on("error", () => {
@@ -7277,9 +7465,14 @@ async function startTail(options = {}) {
         renderResult(data, data);
         return;
       }
+      const orphaned = orphanedResults.get(data.id);
+      if (orphaned) {
+        orphanedResults.delete(data.id);
+        renderResult(data, orphaned);
+        return;
+      }
       activityPending.set(data.id, data);
-      const slowTool = /bash|shell|query|sql|agent/i.test(data.tool);
-      if (slowTool) renderPending(data);
+      renderPending(data);
     }
     if (event === "snapshot") {
       const time = new Date(data.ts).toLocaleTimeString([], { hour12: false });
@@ -7298,6 +7491,8 @@ async function startTail(options = {}) {
       if (original) {
         renderResult(original, data);
         activityPending.delete(data.id);
+      } else {
+        orphanedResults.set(data.id, data);
       }
     }
   }
@@ -7537,6 +7732,29 @@ function renderOffline() {
   process.stdout.write(`${color(BLUE, "\u{1F6E1}")} ${bold("node9")} ${dim("|")} ${dim("offline")}
 `);
 }
+function readActiveShieldsHud() {
+  const now = Date.now();
+  if (shieldsCache && now - shieldsCache.ts < SHIELDS_CACHE_TTL_MS) {
+    return shieldsCache.value;
+  }
+  try {
+    const shieldsPath = path29.join(os22.homedir(), ".node9", "shields.json");
+    if (!fs26.existsSync(shieldsPath)) {
+      shieldsCache = { value: [], ts: now };
+      return [];
+    }
+    const parsed = JSON.parse(fs26.readFileSync(shieldsPath, "utf-8"));
+    if (!Array.isArray(parsed.active)) {
+      shieldsCache = { value: [], ts: now };
+      return [];
+    }
+    const value = parsed.active.filter((s) => typeof s === "string").map((s) => s.slice(0, 64)).slice(0, 20);
+    shieldsCache = { value, ts: now };
+    return value;
+  } catch {
+    return [];
+  }
+}
 function renderSecurityLine(status) {
   const parts = [];
   parts.push(`${color(BLUE, "\u{1F6E1}")} ${bold("node9")}`);
@@ -7554,6 +7772,18 @@ function renderSecurityLine(status) {
   };
   const mc = modeColors[status.mode] ?? WHITE;
   parts.push(`${dim("|")} ${color(mc, modeIcon[status.mode] ?? "")}${color(mc, status.mode)}`);
+  const activeShields = readActiveShieldsHud();
+  if (activeShields.length > 0) {
+    const shieldAbbrevs = {
+      "bash-safe": "bash",
+      filesystem: "fs",
+      postgres: "pg",
+      github: "gh",
+      aws: "aws"
+    };
+    const labels = activeShields.map((s) => shieldAbbrevs[s] ?? s).join(" ");
+    parts.push(color(DIM, `[${labels}]`));
+  }
   if (status.mode === "observe") {
     parts.push(`${dim("|")} ${color(GREEN2, `\u2705 ${status.session.allowed} passed`)}`);
     if (status.session.wouldBlock > 0) {
@@ -7568,6 +7798,11 @@ function renderSecurityLine(status) {
       parts.push(color(RED2, `\u{1F6A8} ${status.session.dlpHits} dlp`));
     }
   }
+  if (status.session.estimatedCost > 0) {
+    const cost = status.session.estimatedCost;
+    const costStr = cost >= 0.01 ? `$${cost.toFixed(2)}` : cost >= 1e-3 ? `$${cost.toFixed(3)}` : "<$0.001";
+    parts.push(color(DIM, `~${costStr}`));
+  }
   if (status.taintedCount > 0) {
     parts.push(color(YELLOW2, `\u{1F4A7} ${status.taintedCount} tainted`));
   }
@@ -7645,7 +7880,7 @@ async function main() {
     renderOffline();
   }
 }
-var RESET3, BOLD3, DIM, RED2, GREEN2, YELLOW2, BLUE, MAGENTA, CYAN2, WHITE, BAR_FILLED, BAR_EMPTY, BAR_WIDTH;
+var RESET3, BOLD3, DIM, RED2, GREEN2, YELLOW2, BLUE, MAGENTA, CYAN2, WHITE, BAR_FILLED, BAR_EMPTY, BAR_WIDTH, shieldsCache, SHIELDS_CACHE_TTL_MS;
 var init_hud = __esm({
   "src/cli/hud.ts"() {
     "use strict";
@@ -7663,6 +7898,8 @@ var init_hud = __esm({
     BAR_FILLED = "\u2588";
     BAR_EMPTY = "\u2591";
     BAR_WIDTH = 10;
+    shieldsCache = null;
+    SHIELDS_CACHE_TTL_MS = 2e3;
   }
 });
@@ -7676,6 +7913,7 @@ import path14 from "path";
 import os10 from "os";
 import chalk from "chalk";
 import { confirm } from "@inquirer/prompts";
+import { parse as parseToml, stringify as stringifyToml } from "smol-toml";
 var NODE9_MCP_SERVER_ENTRY = { command: "node9", args: ["mcp-server"] };
 function hasNode9McpServer(servers) {
   const entry = servers["node9"];
@@ -8039,7 +8277,8 @@ function detectAgents(homeDir2 = os10.homedir()) {
   return {
     claude: exists(path14.join(homeDir2, ".claude")) || exists(path14.join(homeDir2, ".claude.json")),
     gemini: exists(path14.join(homeDir2, ".gemini")),
-    cursor: exists(path14.join(homeDir2, ".cursor"))
+    cursor: exists(path14.join(homeDir2, ".cursor")),
+    codex: exists(path14.join(homeDir2, ".codex"))
   };
 }
 async function setupCursor() {
@@ -8104,6 +8343,82 @@ async function setupCursor() {
     printDaemonTip();
   }
 }
+function readToml(filePath) {
+  try {
+    if (fs11.existsSync(filePath)) {
+      return parseToml(fs11.readFileSync(filePath, "utf-8"));
+    }
+  } catch {
+  }
+  return null;
+}
+function writeToml(filePath, data) {
+  const dir = path14.dirname(filePath);
+  if (!fs11.existsSync(dir)) fs11.mkdirSync(dir, { recursive: true });
+  fs11.writeFileSync(filePath, stringifyToml(data));
+}
+async function setupCodex() {
+  const homeDir2 = os10.homedir();
+  const configPath = path14.join(homeDir2, ".codex", "config.toml");
+  const config = readToml(configPath) ?? {};
+  const servers = config.mcp_servers ?? {};
+  let anythingChanged = false;
+  if (!hasNode9McpServer(servers)) {
+    servers["node9"] = NODE9_MCP_SERVER_ENTRY;
+    config.mcp_servers = servers;
+    writeToml(configPath, config);
+    console.log(chalk.green("  \u2705 node9 MCP server added   \u2192 node9 mcp-server"));
+    anythingChanged = true;
+  }
+  const serversToWrap = [];
+  for (const [name, server] of Object.entries(servers)) {
+    if (!server.command || server.command === "node9") continue;
+    const parts = [server.command, ...server.args ?? []];
+    serversToWrap.push({ name, originalCmd: parts.join(" "), parts });
+  }
+  if (serversToWrap.length > 0) {
+    console.log(chalk.bold("The following existing entries will be modified:\n"));
+    console.log(chalk.white(`  ${configPath}`));
+    for (const { name, originalCmd } of serversToWrap) {
+      console.log(chalk.gray(`    \u2022 ${name}: "${originalCmd}" \u2192 node9 ${originalCmd}`));
+    }
+    console.log("");
+    const proceed = await confirm({ message: "Wrap these MCP servers?", default: true });
+    if (proceed) {
+      for (const { name, parts } of serversToWrap) {
+        servers[name] = { ...servers[name], command: "node9", args: parts };
+      }
+      config.mcp_servers = servers;
+      writeToml(configPath, config);
+      console.log(chalk.green(`
+  \u2705 ${serversToWrap.length} MCP server(s) wrapped`));
+      anythingChanged = true;
+    } else {
+      console.log(chalk.yellow("  Skipped MCP server wrapping."));
+    }
+    console.log("");
+  }
+  console.log(
+    chalk.yellow(
+      "  \u26A0\uFE0F  Note: Codex does not yet support native pre-execution hooks.\n     MCP proxy wrapping is the only supported protection mode for Codex.\n     Native bash and file operations are not monitored."
+    )
+  );
+  console.log("");
+  if (!anythingChanged && serversToWrap.length === 0) {
+    console.log(
+      chalk.blue(
+        "\u2139\uFE0F  No MCP servers found to wrap. Add MCP servers to ~/.codex/config.toml and re-run."
+      )
+    );
+    printDaemonTip();
+    return;
+  }
+  if (anythingChanged) {
+    console.log(chalk.green.bold("\u{1F6E1}\uFE0F  Node9 is now protecting Codex via MCP proxy!"));
+    console.log(chalk.gray("    Restart Codex for changes to take effect."));
+    printDaemonTip();
+  }
+}
 function setupHud() {
   const homeDir2 = os10.homedir();
   const hooksPath = path14.join(homeDir2, ".claude", "settings.json");
@@ -8596,6 +8911,9 @@ async function createShadowSnapshot(tool = "unknown", args = {}, ignorePaths = [
       if (filesRes.status === 0) {
         capturedFiles = filesRes.stdout?.toString().trim().split("\n").filter(Boolean) ?? [];
       }
+      if (capturedFiles.length === 0) {
+        return prevEntry.hash;
+      }
       const diffRes = spawnSync4("git", ["diff", prevEntry.hash, commitHash], {
         env: shadowEnv,
         timeout: GIT_TIMEOUT
@@ -9793,24 +10111,90 @@ import chalk11 from "chalk";
 import fs23 from "fs";
 import path25 from "path";
 import os19 from "os";
+import https from "https";
+init_shields();
+var DEFAULT_SHIELDS = ["bash-safe", "filesystem", "postgres"];
+function fireTelemetryPing(agents) {
+  try {
+    const body = JSON.stringify({
+      event: "init_completed",
+      agents_detected: agents,
+      os: process.platform,
+      node9_version: process.env.npm_package_version ?? "unknown"
+    });
+    const req = https.request(
+      {
+        hostname: "api.node9.ai",
+        path: "/api/v1/telemetry",
+        method: "POST",
+        headers: { "Content-Type": "application/json", "Content-Length": Buffer.byteLength(body) },
+        timeout: 3e3
+      },
+      (res) => {
+        res.resume();
+      }
+    );
+    req.on("error", () => {
+    });
+    req.on("timeout", () => {
+      req.destroy();
+    });
+    req.end(body);
+  } catch {
+  }
+}
 function registerInitCommand(program2) {
   program2.command("init").description("Set up Node9: create config and wire all detected AI agents").option("--force", "Overwrite existing config").option("-m, --mode <mode>", "Set initial security mode (standard, strict, audit)", "standard").option("--skip-setup", "Only create config \u2014 do not wire AI agents").action(async (options) => {
     console.log(chalk11.cyan.bold("\n\u{1F6E1}\uFE0F  Node9 Init\n"));
+    let chosenMode = options.mode.toLowerCase();
+    if (!["standard", "strict", "audit"].includes(chosenMode)) {
+      chosenMode = DEFAULT_CONFIG.settings.mode;
+    }
+    {
+      const { confirm: confirm3 } = await import("@inquirer/prompts");
+      const enableShields = await confirm3({
+        message: "Enable recommended safety shields? (blocks rm -rf, SQL drops, pipe-to-shell)",
+        default: true
+      });
+      if (enableShields) {
+        chosenMode = "standard";
+        try {
+          const current = readActiveShields();
+          const merged = Array.from(/* @__PURE__ */ new Set([...current, ...DEFAULT_SHIELDS]));
+          const hasNewShields = DEFAULT_SHIELDS.some((s) => !current.includes(s));
+          if (hasNewShields) writeActiveShields(merged);
+        } catch (err2) {
+          console.log(chalk11.yellow(`  \u26A0\uFE0F  Could not update shields: ${String(err2)}`));
+        }
+      }
+      console.log("");
+    }
     const configPath = path25.join(os19.homedir(), ".node9", "config.json");
     if (fs23.existsSync(configPath) && !options.force) {
-      console.log(chalk11.blue(`\u2139\uFE0F  Config already exists: ${configPath}`));
+      try {
+        const existing = JSON.parse(fs23.readFileSync(configPath, "utf-8"));
+        const settings = existing.settings ?? {};
+        if (settings.mode !== chosenMode) {
+          settings.mode = chosenMode;
+          existing.settings = settings;
+          fs23.writeFileSync(configPath, JSON.stringify(existing, null, 2) + "\n");
+          console.log(chalk11.green(`\u2705 Mode updated: ${chosenMode}`));
+        } else {
+          console.log(chalk11.blue(`\u2139\uFE0F  Config already exists: ${configPath}`));
+        }
+      } catch {
+        console.log(chalk11.blue(`\u2139\uFE0F  Config already exists: ${configPath}`));
+      }
     } else {
-      const requestedMode = options.mode.toLowerCase();
-      const safeMode = ["standard", "strict", "audit"].includes(requestedMode) ? requestedMode : DEFAULT_CONFIG.settings.mode;
       const configToSave = {
         ...DEFAULT_CONFIG,
-        settings: { ...DEFAULT_CONFIG.settings, mode: safeMode }
+        settings: { ...DEFAULT_CONFIG.settings, mode: chosenMode }
       };
       const dir = path25.dirname(configPath);
       if (!fs23.existsSync(dir)) fs23.mkdirSync(dir, { recursive: true });
-      fs23.writeFileSync(configPath, JSON.stringify(configToSave, null, 2));
+      fs23.writeFileSync(configPath, JSON.stringify(configToSave, null, 2) + "\n");
       console.log(chalk11.green(`\u2705 Config created: ${configPath}`));
-      console.log(chalk11.gray(`   Mode: ${safeMode}`));
+      console.log(chalk11.gray(`   Mode: ${chosenMode}`));
     }
     if (options.skipSetup) return;
     console.log("");
@@ -9820,9 +10204,9 @@ function registerInitCommand(program2) {
     );
     if (found.length === 0) {
       console.log(
-        chalk11.gray("No AI agents detected. Install Claude Code, Gemini CLI, or Cursor")
+        chalk11.gray("No AI agents detected. Install Claude Code, Gemini CLI, Cursor, or Codex")
       );
-      console.log(chalk11.gray("then run: node9 addto <claude|gemini|cursor>"));
+      console.log(chalk11.gray("then run: node9 addto <claude|gemini|cursor|codex>"));
       return;
     }
     console.log(chalk11.bold("Detected agents:"));
@@ -9835,16 +10219,23 @@ function registerInitCommand(program2) {
       if (agent === "claude") await setupClaude();
       else if (agent === "gemini") await setupGemini();
       else if (agent === "cursor") await setupCursor();
+      else if (agent === "codex") await setupCodex();
       console.log("");
     }
-    if (detected.claude) {
-      setupHud();
-      console.log(chalk11.green("\u2705 node9 HUD added to Claude Code statusline"));
-      console.log(chalk11.gray("   Restart Claude Code to activate the security statusline."));
+    {
+      const { confirm: confirm3 } = await import("@inquirer/prompts");
+      const sendTelemetry = await confirm3({
+        message: "Send anonymous usage stats to help improve node9? (no code, no args)",
+        default: true
+      });
+      if (sendTelemetry) fireTelemetryPing(found);
       console.log("");
     }
     console.log(chalk11.green.bold("\u{1F6E1}\uFE0F  Node9 is ready!"));
-    console.log(chalk11.gray("   Run: node9 daemon start"));
+    console.log("");
+    console.log(chalk11.white("  Start watching:  ") + chalk11.cyan("node9 tail"));
+    console.log(chalk11.white("  Browser view:    ") + chalk11.cyan("node9 daemon --openui"));
+    console.log(chalk11.white("  Cloud dashboard: ") + chalk11.cyan("node9.ai"));
   });
 }
@@ -10450,6 +10841,44 @@ var TOOLS = [
       required: ["service"]
     }
   },
+  {
+    name: "node9_shield_disable",
+    description: "Disable a node9 shield. Use node9_shield_list to see currently active shields.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        service: {
+          type: "string",
+          description: 'Shield name to disable (e.g. "postgres", "aws", "github", "filesystem").'
+        }
+      },
+      required: ["service"]
+    }
+  },
+  {
+    name: "node9_approver_list",
+    description: "List all node9 approver channels and their current enabled/disabled state. Approvers are the channels through which node9 asks a human to approve risky tool calls. Channels: native (OS popup), browser (web UI), cloud (team policy server), terminal (stdin).",
+    inputSchema: { type: "object", properties: {}, required: [] }
+  },
+  {
+    name: "node9_approver_set",
+    description: "Enable or disable a specific node9 approver channel in the global config (~/.node9/config.json). Use this to turn individual channels on or off without touching other settings. Channels: native, browser, cloud, terminal. WARNING: disabling all approvers means node9 cannot prompt for human approval \u2014 use with care.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        channel: {
+          type: "string",
+          enum: ["native", "browser", "cloud", "terminal"],
+          description: "Approver channel to configure."
+        },
+        enabled: {
+          type: "boolean",
+          description: "true to enable the channel, false to disable it."
+        }
+      },
+      required: ["channel", "enabled"]
+    }
+  },
   {
     name: "node9_undo_list",
     description: "List the node9 snapshot history. Each entry shows the git hash, tool that triggered it, a short summary, affected files, working directory, and timestamp. Use this to find a hash before calling node9_undo_revert.",
@@ -10555,6 +10984,79 @@ function handleShieldEnable(args) {
   const shield = getShield(name);
   return `Shield "${name}" enabled \u2014 ${shield.smartRules.length} smart rule${shield.smartRules.length === 1 ? "" : "s"} now active.`;
 }
+function handleShieldDisable(args) {
+  const service = args.service;
+  if (typeof service !== "string" || !service) {
+    throw new Error("service is required");
+  }
+  const name = resolveShieldName(service);
+  if (!name) {
+    throw new Error(
+      `Unknown shield: "${service}". Run node9_shield_list to see available shields.`
+    );
+  }
+  const active = readActiveShields();
+  if (!active.includes(name)) {
+    return `Shield "${name}" is not active.`;
+  }
+  writeActiveShields(active.filter((s) => s !== name));
+  return `Shield "${name}" disabled.`;
+}
+var GLOBAL_CONFIG_PATH2 = path27.join(os20.homedir(), ".node9", "config.json");
+var APPROVER_CHANNELS = ["native", "browser", "cloud", "terminal"];
+function readGlobalConfigRaw() {
+  try {
+    if (fs24.existsSync(GLOBAL_CONFIG_PATH2)) {
+      return JSON.parse(fs24.readFileSync(GLOBAL_CONFIG_PATH2, "utf-8"));
+    }
+  } catch {
+  }
+  return {};
+}
+function writeGlobalConfigRaw(data) {
+  const dir = path27.dirname(GLOBAL_CONFIG_PATH2);
+  if (!fs24.existsSync(dir)) fs24.mkdirSync(dir, { recursive: true });
+  fs24.writeFileSync(GLOBAL_CONFIG_PATH2, JSON.stringify(data, null, 2) + "\n");
+}
+function handleApproverList() {
+  const config = getConfig();
+  const approvers = config.settings.approvers;
+  const lines = ["Approver channels:\n"];
+  for (const ch of APPROVER_CHANNELS) {
+    const on = approvers[ch];
+    lines.push(`  ${on ? "[enabled] " : "[disabled]"} ${ch}`);
+  }
+  const enabledCount = APPROVER_CHANNELS.filter((ch) => approvers[ch]).length;
+  if (enabledCount === 0) {
+    lines.push("\nWARNING: all approver channels are disabled \u2014 node9 cannot prompt for approval.");
+  }
+  return lines.join("\n");
+}
+function handleApproverSet(args) {
+  const channel = args.channel;
+  const enabled = args.enabled;
+  if (!channel || !APPROVER_CHANNELS.includes(channel)) {
+    throw new Error(
+      `Invalid channel: "${channel}". Must be one of: ${APPROVER_CHANNELS.join(", ")}.`
+    );
+  }
+  if (typeof enabled !== "boolean") {
+    throw new Error("enabled must be a boolean (true or false).");
+  }
+  const raw = readGlobalConfigRaw();
+  const settings = raw.settings ?? {};
+  const approvers = settings.approvers ?? {};
+  approvers[channel] = enabled;
+  settings.approvers = approvers;
+  raw.settings = settings;
+  writeGlobalConfigRaw(raw);
+  const currentApprovers = getConfig().settings.approvers;
+  const anyEnabled = APPROVER_CHANNELS.some(
+    (ch) => ch === channel ? enabled : currentApprovers[ch]
+  );
+  const suffix = anyEnabled ? "" : "\nWARNING: all approver channels are now disabled \u2014 node9 cannot prompt for approval.";
+  return `Approver channel "${channel}" ${enabled ? "enabled" : "disabled"} in ~/.node9/config.json.${suffix}`;
+}
 function handleUndoList() {
   const history = getSnapshotHistory();
   if (history.length === 0) {
@@ -10628,6 +11130,12 @@ function runMcpServer() {
           text = handleShieldList();
         } else if (toolName === "node9_shield_enable") {
           text = handleShieldEnable(toolArgs);
+        } else if (toolName === "node9_shield_disable") {
+          text = handleShieldDisable(toolArgs);
+        } else if (toolName === "node9_approver_list") {
+          text = handleApproverList();
+        } else if (toolName === "node9_approver_set") {
+          text = handleApproverSet(toolArgs);
         } else if (toolName === "node9_undo_list") {
           text = handleUndoList();
         } else if (toolName === "node9_undo_revert") {